DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022057 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2022-11-14 23:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-34325
Mitre link : CVE-2022-34325
CVE.ORG link : CVE-2022-34325
JSON object : View
Products Affected
insyde
- insydeh2o
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition